Security researchers have released what they say is an unofficial fix for the critical Adobe Reader vulnerability that's being actively exploited to install malware on machines running Microsoft Windows.
The download replaces a buggy strcat call in a font-rendering DLL module with a more secure function, according to this …

Is Acrobat 5.1 vulnerable?

I still use it, because it can still read all the documents I need to read, but comes without all the new-fangled bloatware and all the man-years of vulnerabilities associated with the bloatware. I did try Foxit but me and it didn't get on, so it just seemed simpler to go back to Acrobat 5.1.

Relatively simple?

Have you *seen* the mountains of cruft that pos installs on a machine? Granted, very little of it has anything to do with reading PDFs - but it's still there, hogging resources, painting big bullseyes on your bank-account details.

because Adobe follows industry worst practices

Adobe was a pioneer of offloading their code development to India to the lowest bidder. Surprise, surprise: code monkey hacks produce spaghetti code that is full of bugs that take forever to find and patch correctly. Now their software is the worst in the industry and the only mystery is why the hell is it on so many boxes. Always one of the first steps to securing a computer is to check and recheck that no Adobe software is installed. If it is, no matter what you do, the box can't be locked down.

Sumatra PDF Reader

Brick?

Rather weird claim in the article.

Testing the patch / update is a thoroughly good idea, and apparently something they've not done before given the quality of output we get from Adobe. However, testing it to make sure it doesn't brick any Win installations?!

It takes some pretty impressive coding to brick an OS from ring-3 these days.

And who the hell uses strcat and its ilk outside of homebrew kludge-ware intended for personal use only?! When did Aleph1 explain buffer overflows in extremely simple terms? 10 years ago? Pretty sure he advocated keeping well away from strcat, sprintf etc. Organisations the size of Adobe have ridiculous numbers of policies and procedures when it comes to coding - surely that should include the public flogging of anyone using such functions...
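The article excerpt says the unofficial fix swaps a buggy strcat call in a font-rendering DLL for a safer function, and the comment above asks why strcat is used at all. The following is an added, hypothetical C example (not Adobe's code, not the unofficial patch, and not the actual DLL's buffer layout) showing the pattern that makes strcat dangerous and the bounded replacement a reviewer would expect instead: a 32-byte font-name buffer, a length-checked append that refuses input that does not fit, and a caller that propagates the failure rather than writing past the buffer. The buffer size, the function names and the font names are all constructed for the example.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Hypothetical fixed-size buffer, as a font renderer might use for a
 * "<family>-<style>" name. strcat() copies until the source's NUL and knows
 * nothing about this capacity, so an over-long name from a crafted file
 * overruns it. The functions below check the capacity on every append. */
#define FONT_NAME_MAX 32

/* Bounded append. Returns 0 on success. Returns -1 and leaves dst untouched
 * if dst is not NUL-terminated within dst_size bytes or if src plus the
 * terminating NUL would not fit in the remaining space. */
int safe_append(char *dst, size_t dst_size, const char *src)
{
    /* Locate the existing terminator without reading past dst_size. */
    const char *nul = memchr(dst, '\0', dst_size);
    if (nul == NULL)
        return -1;                      /* not terminated: refuse to touch it */

    size_t dst_len = (size_t)(nul - dst);
    size_t src_len = strlen(src);

    /* Remaining capacity must hold src_len bytes plus one NUL. */
    if (src_len >= dst_size - dst_len)
        return -1;

    memcpy(dst + dst_len, src, src_len + 1);   /* +1 copies the NUL */
    return 0;
}

/* Build "<family>-<style>" into out. Returns 0 if the whole name fit,
 * -1 otherwise (out then holds a truncated but still NUL-terminated prefix). */
int build_font_name(char out[FONT_NAME_MAX], const char *family, const char *style)
{
    out[0] = '\0';
    if (safe_append(out, FONT_NAME_MAX, family) != 0) return -1;
    if (safe_append(out, FONT_NAME_MAX, "-") != 0)    return -1;
    if (safe_append(out, FONT_NAME_MAX, style) != 0)  return -1;
    return 0;
}

int main(void)
{
    char name[FONT_NAME_MAX];

    /* Constructed inputs: a normal name fits. */
    if (build_font_name(name, "Helvetica", "Bold") == 0)
        printf("ok: %s\n", name);

    /* A family name longer than the buffer: strcat() would have written
     * past the end; the bounded version reports failure instead. */
    if (build_font_name(name, "AVeryLongFontFamilyNameThatDoesNotFit1234", "Bold") != 0)
        printf("rejected: font name does not fit in %d bytes\n", FONT_NAME_MAX);

    return 0;
}
```

The point of the design is that the caller gets a return value to act on: a renderer that receives -1 can drop the glyph or the file with a clean error, whereas strcat gives it no signal at all and the overrun becomes whatever the heap or stack layout makes of it.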